My other question about ephemeral keys is whether they're useful for something like email. I understand how they work for transient conversations like HTTPS or chats (although if you archive the chats forever you'd have the same problem). Would you store something like a key version as KeyCzar does and keep multiple keys around, or periodically have to recrypt all archived data as with key rotation? Or have a single key(pair) that is used for archiving data which is different to the one used in transmission?